Before deploying the software to the entire organization, they wanted Dr. Cole and his team to test it and verify that it was robust. A file was included on the encrypted hard drive; the goal was to see if Dr. Cole and his team could figure out the content of the file. The first thing the team did when they got back to the lab was turn on the system. The system booted up and, much to everyone's surprise, auto login was enabled (gasp!). The system automatically logged in the user, and the team could easily look at the screen and all data, including the file -- how terrifying! Within 60 seconds Dr. Cole and his team had successfully broken in merely by turning on the system. Because of the misconfiguration, the full disk encryption provided no protection. Now that is scary!!
While Halloween will soon be gone, it is terrifying to know these frightening tales will continue to play out in organizations around the globe. To keep your company from becoming a house of horrors, educating end users is a great place to start. Organizations must wake up and realize the importance of the human element. Otherwise these gruesome tales will continue. If you work to change a person's habits through heightened awareness, you will minimize risks.
Dr. Eric Cole is a SANS faculty fellow and course author, and founder of Secure Anchor Consulting.